Coming soon to a fridge near you -- targeted ads

Targeted advertisements are headed to smart refrigerators, smart thermostats and other Internet-connected devices, potentially raising new privacy concerns for people who use those products.

A financial report filed by Google in December and picked up Wednesday by the Wall Street Journal describes the Internet company's intent to deliver ads on almost any IP-enabled device that it has access to in the future.

"We expect the definition of mobile to continue to evolve as more and more 'smart' devices gain traction in the market," Google said in a letter addressed to the accounting branch chief at the U.S. Securities and Exchange Commission. That statement was part of an explanation of why Google doesn't disclose its mobile revenues separately.

"For example, a few years from now, we and other companies could be serving ads and other content on refrigerators, car dashboards, thermostats, glasses, and watches, to name just a few possibilities," the company said.

In the letter, Google said it expects users of its services to view ads on an "increasingly wide diversity of devices" in the future. "Thus," the letter went on to say, "our advertising systems are becoming increasingly device-agnostic."

Rather than developing separate ad campaigns for desktops, mobile and other device categories, the company said it plans to develop device-agnostic campaigns capable of dynamically delivering targeted ads "to the right user at the right time on whatever device that makes the most sense."

Many people may not be concerned about the prospect of a future in which a smart fridge could serve up an ad for, say, toaster strudels, or a thermostat could deliver a pitch for a brand of furnaces. But privacy advocates see things differently.

The Electronic Frontier Foundation (EFF), the Electronic Privacy Information Center (EPIC) and other groups have raised concerns about the potential for privacy intrusions in a world where many things that people use on a daily basis are connected to the Internet.

The Federal Trade Commission has acknowledged the need for a closer inspection of the potential security and privacy implications of the so-called Internet of Things (IoT).

"Consumers already are able to use their mobile phones to open their car doors, turn off their home lights, adjust their thermostats, and have their vital signs, such as blood pressure, EKG, and blood sugar levels, remotely monitored by their physicians," the FTC noted last November while convening a workshop on IoT privacy and security issues.

"In the not-too-distant future, consumers approaching a grocery store might receive messages from their refrigerator reminding them that they are running out of milk," the FTC said.

The big concern with plans by Google and others to deliver targeted ads into the home is the potential for misuse of customer data, said Marc Rotenberg, president of EPIC.

Google "routinely integrates user data from the companies it acquires," Rotenberg said. "We believe that raises serious concerns and should be subject to careful FTC review as both a consumer privacy issue and an antitrust issue," he said.

While Nest assured customers that their data would be used by Google only for product improvement and support purposes, groups like EPIC urged the FTC to investigate how Google planned to use Nest customer data.

A Google spokesman, in an email, said the company is in touch with the SEC to clarify some of the language in its earlier filing. The comments in the filing do not reflect Google's product road map, the spokesman said. "Nest, which we acquired after this filing was made, does not have an ads-based model and has never had any such plans," he said.

Google also emailed a statement from Nest CEO Tony Fadell. "Nest is being run independently from the rest of Google, with a separate management team, brand and culture," the statement read. While Nest has a paid-for business model, Google's model is ad-supported.

"We have nothing against ads; after all Nest does lots of advertising," Fadell said. "We just don't think ads are right for the Nest user experience."

Similar concerns were raised when Facebook purchased WhatsApp. "Acting in reliance on WhatsApp representations, Internet users provided detailed personal information to the company, including private text to close friends," EPIC had noted in a brief with the FTC.

"The proposed acquisition will therefore violate WhatsApp users' understanding of their exposure to online advertising and constitutes an unfair and deceptive trade practice," the advocacy group had noted.

The same sort of concerns apply to Google and other companies that plan on leveraging data from the IoT to deliver targeted messaging, according to Rotenberg, who said, "Google should not be tracking what people are doing in their homes."

Latest Videos

​Email fraud is nothing new, but online criminals have become ever more-effective at spoofing their identities to trick employees into sending them money. The Australian Centre for Cyber Security (ACSC) recorded losses of over $20M to business email compromise (BEC) attacks last year alone, up 230 percent over the previous year – and the full amount is certain to be much larger.​

No matter how robust your security, or how diligent your employees, network credentials are a free pass for cybercriminals. This is mostly because employees are relied upon for their own password management. And with more than 4.8 billion sets of stolen credentials said to be available online, odds are that at least a few of your employees’ user IDs and passwords are just waiting to be used by unscrupulous outsiders. Are you ready to stop them?

Cyber resilience will be particularly important as Australian organisations face increased pressure to quickly detect, respond to, and manage the repercussions of breaches in the wake of 2018’s Notifiable Data Breaches (NDB) scheme.

Copyright 2018 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.